VID |
21988 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
SquirrelCart (Squirrelcart PHP Shopping Cart) is a shopping cart application written in PHP. SquirrelCart version 1.5.5 and earlier versions are vulnerable to SQL injection in the 'store.php' script, caused by improper filtering of user-supplied input passed to 'store.php' before it is used in a database query. A remote attacker could pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, data modification, or attacks against the database itself.
* References: http://secunia.com/advisories/14770, http://www.ldev.com/forums/showthread.php?t=1860
* Platforms Affected: SquirrelCart versions 1.5.5 and earlier; any operating system, any version |
Recommendation |
Upgrade to the latest version of SquirrelCart (1.6.0 or later), available from the SquirrelCart Web page at http://www.squirrelcart.com/downloads.php |
Related URL |
CVE-2005-0962 (CVE) |
Related URL |
12944 (SecurityFocus) |
Related URL |
19904 (ISS) |
|